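Session Manager Subsystem: this process is the session management subsystem. It initializes system variables and MS-DOS device names such as LPT1 and COM, invokes the Win32 shell subsystem, and runs the Windows logon process. It is a session management subsystem responsible for starting user sessions. The process is initialized by the System process and responds to many activities, including the already running Winlogon, the Win32 (Csrss.exe) threads, and the system variables that have been set. After it starts these processes, it waits for Winlogon or Csrss to end. If these processes end normally, the system shuts down. If something unexpected happens, smss.exe makes the system stop responding (hang).

Note: if more than one smss.exe process appears on the system, and one of them has the path "%WINDIR%\SMSS.EXE", the machine is infected with the TrojanClicker.Nogard.a virus. This is a PE virus for Windows, written in VB6, and is a trojan that automatically visits a certain website. The virus adds its own startup entries in several places in the registry, and also modifies the system file WIN.INI, adding "RUN" = "%WINDIR%\SMSS.EXE" under the [WINDOWS] section. To remove it by hand, first end the virus process smss.exe, then delete the smss.exe file under %WINDIR%, and then clear its related entries in the registry and in the WIN.INI file.

The trojan removal tool 木马克星 may be able to kill it for you.
Download address:
http://sq2.onlinedown.net/soft/2985.htm
If it cannot kill it, first use Ctrl+Alt+Del to close the process, then delete it manually.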
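The two indicators described above (an smss.exe image outside System32, and a RUN entry in the [WINDOWS] section of WIN.INI pointing at it) can be checked as follows. This is an added example, not part of the original post; the function names and the sample process list and WIN.INI text are constructed for illustration, and it relies on the genuine Session Manager image residing in %WINDIR%\System32.

```python
import ntpath
import re

def _norm(path, windir):
    """Expand %WINDIR%, drop quotes, and normalise case for comparison."""
    cleaned = path.strip().strip('"')
    expanded = re.sub(r"%windir%", lambda m: windir, cleaned, flags=re.I)
    return ntpath.normcase(ntpath.normpath(expanded))

def is_rogue_smss(path, windir=r"C:\WINDOWS"):
    """True if path names smss.exe anywhere other than %WINDIR%\\System32."""
    genuine = _norm(r"%WINDIR%\System32\smss.exe", windir)
    p = _norm(path, windir)
    return ntpath.basename(p) == "smss.exe" and p != genuine

def rogue_processes(processes, windir=r"C:\WINDOWS"):
    """processes: iterable of (pid, image_path). A path of None (not
    readable by the caller) is skipped rather than treated as a hit."""
    return [(pid, p) for pid, p in processes if p and is_rogue_smss(p, windir)]

def rogue_run_entries(ini_text, windir=r"C:\WINDOWS"):
    """Return run= values in the [windows] section that point at a rogue
    smss.exe. Section and key names are matched case-insensitively."""
    section, hits = None, []
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "windows" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().strip('"').lower() != "run":
                continue
            for entry in re.split(r"[,\s]+", value):
                entry = entry.strip('"')
                if entry and is_rogue_smss(entry, windir):
                    hits.append(entry)
    return hits

# Constructed sample data: one genuine and one rogue smss.exe, plus a
# WIN.INI carrying the entry in the form quoted in the post.
SAMPLE_PROCESSES = [(4, None), (368, r"C:\WINDOWS\System32\smss.exe"),
                    (1904, r"C:\WINDOWS\SMSS.EXE")]
SAMPLE_WIN_INI = '[fonts]\n[WINDOWS]\n"RUN" = "%WINDIR%\\SMSS.EXE"\nload=\n'

if __name__ == "__main__":
    print(rogue_processes(SAMPLE_PROCESSES))
    print(rogue_run_entries(SAMPLE_WIN_INI))
```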